IPSec Mikrotik to Sophos problem

Good day,

I am hoping to get some assistance with my issue.

I have set up an IPSec tunnel from a Mikrotik to my Sophos XG Firewall. It activates and connects successfully, and from the Mikrotik and the local network behind the Mikrotik I can ping the Sophos Firewall and the local network behind the Sophos Firewall, but from the Sophos Firewall I cannot ping the Mikrotik or anything behind the Mikrotik.

I have gone through various HowTos and set up my LAN-VPN and VPN-LAN firewall rules with and without NAT, depending on the HowTo, but have been unsuccessful.

I have checked the logs and I can see the traffic coming in through the IPSec tunnel, but nothing going back out through the IPSec tunnel.

The IPSec configuration and firewall rules seem to be fine. In your case, the problem seems to be on the remote side where the Mikrotik is deployed. A packet capture/tcpdump would be really helpful. Please initiate a continuous ping to any of the machines connected to the Mikrotik LAN and start the tcpdump on the XG Firewall.

Thanks for the logs Timothy, the issue seems to be with the routing table of the XG Firewall. Please check if you have any static routes or policy routes configured for the destination network. The XG Firewall is forwarding the traffic to the WAN interface, i.e. Port2, instead of the ipsec0 virtual interface. It should be showing Port1 as the incoming and ipsec0 as the outgoing interface, so I suspect the IPsec routes are missing or there are other routes with higher priority.

You can try creating a new VPN configuration, add the IPsec route manually, or open a case with Sophos Technical Support.
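The route check described in the replies above, as an added example that is not part of the thread and not Sophos or Mikrotik code: from the XG advanced shell, ask the kernel which interface it would use to reach a host behind the Mikrotik and flag the case where a WAN port (Port2 in the thread) wins over ipsec0. The remote LAN 192.168.88.0/24, the host 192.168.88.10 and the interface names are assumptions; the `ip route get` lines at the top are constructed samples shaped like real Linux output, the first reproducing the misrouting the reply describes.

```shell
#!/bin/sh
# Added example: decide whether XG Firewall sends traffic for a host behind the
# Mikrotik out of the ipsec0 virtual interface or out of a WAN port.
# Assumed: remote LAN 192.168.88.0/24, test host 192.168.88.10, WAN is Port2.

# Constructed sample `ip route get` lines (not captured from a real XG).
# The first reproduces the misrouting described in the thread (egress via Port2).
SAMPLE_MISROUTED='192.168.88.10 via 203.0.113.1 dev Port2 src 203.0.113.5 uid 0'
SAMPLE_OK='192.168.88.10 dev ipsec0 src 10.0.0.1 uid 0'

# Print the interface that follows the "dev" keyword in an `ip route get` line.
egress_iface() {
    printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Classify a route lookup result: OK when egress is the IPsec virtual
# interface, MISROUTED when it is anything else (typically a WAN port, which
# means a static/policy route wins or the IPsec route is missing).
route_verdict() {
    iface=$(egress_iface "$1")
    case "$iface" in
        ipsec0) echo "OK" ;;
        "")     echo "NO_DEV" ;;
        *)      echo "MISROUTED" ;;
    esac
}

# Live variant for the XG advanced shell (defined but not run here): look up
# the route to a host behind the Mikrotik, and if it is misrouted show the
# routing entries and policy rules involved, then capture the echo requests
# leaving via the wrong interface while a continuous ping runs.
live_check() {
    remote_host=${1:-192.168.88.10}   # assumed address behind the Mikrotik
    line=$(ip route get "$remote_host" | head -n 1)
    echo "route:   $line"
    verdict=$(route_verdict "$line")
    echo "verdict: $verdict"
    if [ "$verdict" != "OK" ]; then
        echo "routes matching the remote network:"
        ip route show | grep -F "192.168.88" || echo "(none: IPsec route missing)"
        echo "policy rules that may steer the traffic:"
        ip rule show
        echo "capturing ICMP to $remote_host on $(egress_iface "$line"):"
        tcpdump -ni "$(egress_iface "$line")" icmp and host "$remote_host"
    fi
}

# Demonstration on the constructed samples.
for s in "$SAMPLE_MISROUTED" "$SAMPLE_OK"; do
    printf '%-10s %s\n' "$(route_verdict "$s")" "$s"
done
```

Run `live_check 192.168.88.10` (or another address behind the Mikrotik) on the XG while a ping to that host runs from the XG LAN; a verdict of MISROUTED with Port2 as the device is the symptom the reply describes, and the `ip route show` / `ip rule show` output then points at the static or policy route that outranks the IPsec route.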